Multiple format string vulnerabilities and a heap overflow vulnerability
were discovered in the code of the neon library (GLSA 200405-01 and
200405-13). Current versions of the tla package include their own version
of this library.

Impact

When connected to a malicious WebDAV server, these vulnerabilities could
allow execution of arbitrary code with the rights of the user running tla.